Card scanner used in Galleria-area hotel break-ins

Matthew Allen Cook was arrested for breaking into several Houston hotel rooms with an electronic device.

Matthew Allen Cook was arrested for breaking into several Houston hotel rooms with an electronic device.

Photo: HPD

Image 2 of 2

Galleria-area burglaries point to flaws in electronic hotel room locks worldwide. And one hacker says a $50 homemade gadget might have been used in the thefts.

Galleria-area burglaries point to flaws in electronic hotel room locks worldwide. And one hacker says a $50 homemade gadget might have been used in the thefts.

Photo: youtube.com

Card scanner used in Galleria-area hotel break-ins

1 / 2

Back to Gallery

A Houston man accused in a series of hotel burglaries appears to have exploited a security flaw that experts say makes millions of U.S. hotel rooms vulnerable.

Matthew Allen Cook, 27, was arrested in October after investigators linked him to break-ins of at least three Houston hotels between Sept. 7 and Sept. 24. He used a "portable card scanner" to easily gain access to the rooms, according to court records. The total loss was just over $2,300.

Todd Seiders, director of risk management at Petra Risk Solutions, said Cook's arrest appeared to be the first case in the nation of a suspected burglar using a portable electronic device to break into a hotel room.

"This is the first case that we can confidently say one of these hacking portable programmers was used," said Seiders, a former Marriott security director. "The good news is they arrested somebody."

Translator

To read this article in one of Houston's most-spoken languages, click on the button below.

Software developer Cody Brocious, who demonstrated a lock-hacking technique at an August conference in Las Vegas, said at least 4 million hotel rooms have Onity locks, which he said can be opened with a device he created with less than $50 worth of parts.

Brocious, 24, the founder of Connecticut-based Trapped Orbit Research, explained that a port at the bottom of the lock can be accessed, enabling a hacker to easily crack the code.

Seiders said newer models of Onity locks are not as vulnerable, but hotels do not regularly change door locks.

Tom McElroy, a former director of security at Hilton, said the security flaw is "huge" because Onity is one of only a few lock manufacturers used by major hotels.

Videos on YouTube

Onity says on its website that it is the leading global provider of electronic locks to the hospitality industry, with its products in more than 22,000 hotels worldwide, including 200 chains.

McElroy said others have improved on Brocious' device. One hacker concealed a device in a dry erase marker, he said.

"It's just a matter of time when this goes beyond a lost laptop and someone is seriously hurt or injured or - God forbid - killed by someone using this device," McElroy said. "This is just happening with the maturity of technology, the Internet and ease of building tools."

Immediately after Brocious' presentation, engineers developed mechanical and technical solutions, tested and validated by two independent security firms, Onity said in a statement.

"All requests for these solutions have already been fulfilled, or are in the process of being fulfilled," the statement said. "We are disappointed that hackers are targeting electronic hotel locks and publishing methods to illegally break into hotel rooms under the guise of protecting public safety."

After Brocious spoke at the conference, a series of YouTube videos apparently demonstrated how to use the hacking device.

Cook is accused of stealing a laptop computer Sept. 7 from a room at the Galleria-area Hyatt House Hotel on Sage Road. A second break-in was reported Sept. 13 at a Hyatt House Hotel on the Katy Freeway, where an Apple computer was reported stolen. On Sept. 24, a woman's earrings were taken from her room at the Homewood Suites Hotel on Sage Road.

Court records show that Hyatt management explained to the victims in a letter that a portable electronic device was used to break into the rooms.

Other locks vulnerable

Investigators said Cook was linked to each theft through the stolen goods recovered at local pawnshops or through tracing software.

His attorney, Charles David Thompson, said Cook pleaded not guilty and has been released on a $10,000 bond. He advised his client not to comment.

A call to the general manager of Homewood Suites on Sage Road was not returned. Hyatt's corporate office said in a statement that hotels using Onity locks have implemented security measures to mitigate the potential vulnerability. The hotel chain would not release specifics.

McElroy said the Onity security flaw might lead hackers to look for weaknesses in other manufacturers' locks.